Modification for production

htdocs/index.php

@@ -2,8 +2,9 @@
 //Inclusion de l'API Onyx
 require_once(trim(file_get_contents('./.onyx')));
 
-define("SALT_USER", "connected");
+define("SALT_PUBLIC", $VAR["prefix_public"]);
-define("SALT_ADMIN", "admin");
+define("SALT_USER", $VAR["prefix_teams"]);
+define("SALT_ADMIN", $VAR["prefix_admin"]);
 
 //On active le débogage si l'on est sur le domaine de debug
 
@@ -13,6 +14,8 @@ if ($_SERVER["SERVER_NAME"] == "localhost" || $_SERVER["SERVER_NAME"] == "fic" |
 //Chargement de tout le nécessaire pour le site
 require_once("common.php");
 
+$template->assign("SALT_CDN",SALT_PUBLIC);
+$template->assign("SALT_PUBLIC",SALT_PUBLIC);
 $template->assign("SALT_USER",SALT_USER);
 $template->assign("SALT_ADMIN",SALT_ADMIN);
 

misc/openssl.cnf

@@ -39,7 +39,7 @@ default_ca	= CA_default		# The default ca section
 ####################################################################
 [ CA_default ]
 
-dir		= fic_pki #DIR 		# Where everything is kept
+dir		= /srv/fic2014-server/misc//pki #DIR 		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
@@ -147,7 +147,7 @@ organizationalUnitName		= Organizational Unit Name (eg, section)
 organizationalUnitName_default	= SRS
 
 commonName			= Common Name (e.g. server FQDN or YOUR name)
-commonName_default		= toto#COMMONNAME
+commonName_default		= FIC2014 Server #COMMONNAME
 commonName_max			= 64
 
 emailAddress			= Email Address
@@ -176,7 +176,7 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 
 # This is OK for an SSL server.
-nsCertType			= client #CERTTYPE
+nsCertType			= server #CERTTYPE
 
 # For an object signing certificate this would be used.
 # nsCertType = objsign

nginx.conf

@@ -1,12 +1,26 @@
 server {
-    listen 80;
+    listen 443 ssl;
-    listen [::]:80;
+    listen [::]:443 ipv6only=on;
-    server_name fic fic.p0m.fr fic.nemunai.re;
 
     access_log /var/log/nginx/fic.access_log;
-    error_log /var/log/nginx/fic.error_log debug;
+    error_log /var/log/nginx/fic.error_log;
 
-    root /var/www/fic2014-server/htdocs;
+    root /srv/fic2014-server/htdocs;
+    index index.php;
+
+    ssl_certificate /srv/fic2014-server/misc/server.crt;
+    ssl_certificate_key /srv/fic2014-server/misc/server.key;
+    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers		 ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
+    ssl_client_certificate /srv/fic2014-server/misc/pki/cacert.crt;
+    ssl_verify_client on;
+    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
+
+    if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
+    {
+	return 401;	
+    }
 
     location / {
       if (-f $request_filename) {
@@ -39,7 +53,7 @@ server {
     {
 	if (!-e $document_root$document_uri) { return 404; }
         include /etc/nginx/fastcgi.conf;
-        fastcgi_pass  127.0.0.1:9000;
+        fastcgi_pass  unix:/var/run/php5-fpm.sock;
         fastcgi_index index.php;
 	break;
     }

onyx/config/sample.root.xml

@@ -1,8 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<configs active="1" root="/var/www/jacobdelafon/htdocs/" cache="1">
+<configs active="1" root="/srv/fic2014-server/htdocs/" cache="1">
   <config match="index.php">
     <var name="end_challenge">1381441316</var>
+    <var name="misc_dir">/srv/fic2014-server/misc/</var>
+    <var name="submission_dir">/srv/fic2014-server/submission/</var>
     <var name="chrono"><![CDATA[<!--Page générée en: $ secondes.-->]]></var>
+    <var name="prefix_public">challenge-public</var>
+    <var name="prefix_teams">challenge</var>
+    <var name="prefix_admin">challenge-admin</var>
   </config>
   <config match="*">
     <env option="auth">0</env>

onyx/tpl/bootstrap/clock.tpl

@@ -1,11 +1,11 @@
     <div class="clock">
       <div id="ficlogo">
-        <a href="/">
+        <a href="{$SALT_PUBLIC}/">
-          <img src="/img/challenge.jpg" alt="Forum International de la Cybersécurité">
+          <img src="{$SALT_CDN}/img/challenge.jpg" alt="Forum International de la Cybersécurité">
 	</a>
       </div>
       <div id="epitalogo">
-          <img src="/img/epita.png" alt="Epita">
+          <img src="{$SALT_CDN}/img/epita.png" alt="Epita">
       </div>
       <div id="Date"></div>
       <ul>

onyx/tpl/bootstrap/layout.tpl

@@ -5,7 +5,7 @@
     <title>{block name=title}Challenge FIC2014{/block}</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <!-- Bootstrap -->
-    <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+    <link href="{$SALT_CDN}/css/bootstrap.min.css" rel="stylesheet" media="screen">
 
     <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
     <!--[if lt IE 9]>
@@ -13,7 +13,7 @@
       <script src="../../assets/js/respond.min.js"></script>
     <![endif]-->
 
-    <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
+    <link rel="shortcut icon" type="image/x-icon" href="{$SALT_CDN}/favicon.ico">
     <meta name="author" content="EPITA Laboratoire SRS">
     <meta name="robots" content="all">
     <meta name="language" content="{$smarty.const.LANG}">
@@ -38,7 +38,7 @@
     </footer>
 
     <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
-    <script src="/js/jquery.min.js"></script>
+    <script src="{$SALT_CDN}/js/jquery.min.js"></script>
     <!-- Include all compiled plugins (below), or include individual files as needed -->
     <script src="/js/bootstrap.min.js"></script>
   {block name=end}{/block}